CVE-2024-1362 in Colibri Page Builder Plugininfo

Summary

by MITRE • 02/23/2024

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/18/2025

The Colibri Page Builder plugin for WordPress represents a widely used tool for creating custom page layouts and content structures within the WordPress ecosystem. This plugin enables users to build sophisticated web pages through a visual interface while providing various shortcode functionalities for dynamic content insertion. However, security researchers have identified a critical vulnerability in versions up to and including 1.0.253 that exposes WordPress sites to cross-site request forgery attacks. The vulnerability specifically affects the cp_shortcode_refresh() function which handles shortcode refresh operations within the plugin's administrative interface. This flaw fundamentally undermines the security model that WordPress employs to protect against unauthorized administrative actions by failing to implement proper nonce validation mechanisms.

The technical flaw stems from the absence of proper nonce validation within the cp_shortcode_refresh() function, which operates as a critical endpoint for processing shortcode refresh requests. Nonces in WordPress serve as time-based tokens that verify the authenticity and integrity of administrative actions, ensuring that requests originate from legitimate sources within the WordPress administration environment. Without proper nonce validation, attackers can craft malicious requests that appear to come from authenticated administrative sessions, effectively bypassing the security controls that should prevent unauthorized modifications to site content. This vulnerability operates under the common weakness identified as CWE-352, which describes Cross-Site Request Forgery vulnerabilities where applications fail to validate the origin of requests, allowing attackers to perform unauthorized actions on behalf of authenticated users.

The operational impact of this vulnerability extends beyond simple data manipulation to encompass potential site compromise and content injection attacks. An unauthenticated attacker who successfully tricks a site administrator into clicking on a malicious link could execute arbitrary shortcodes with elevated privileges, potentially leading to complete site takeover. The attack vector relies on social engineering techniques where administrators are lured into performing actions through deceptive links, making this vulnerability particularly dangerous as it requires minimal technical expertise to exploit. This weakness aligns with ATT&CK technique T1566 which describes social engineering attacks that manipulate users into executing malicious actions, and T1190 which covers exploitation of vulnerabilities in web applications through crafted requests.

Security professionals should prioritize immediate remediation of this vulnerability by updating to the latest version of the Colibri Page Builder plugin where the nonce validation has been properly implemented. The recommended mitigation strategy includes not only updating the plugin but also implementing additional security measures such as monitoring for suspicious administrative activities and ensuring that WordPress core, themes, and plugins are regularly updated. Organizations should also consider implementing web application firewalls that can detect and block suspicious request patterns associated with CSRF attacks. The vulnerability demonstrates the critical importance of proper input validation and authentication mechanisms in web applications, particularly those handling administrative functions that could result in significant security breaches. Additionally, administrators should conduct regular security audits of their WordPress installations to identify and remediate similar vulnerabilities that might exist in other plugins or themes.

Responsible

Wordfence

Reservation

02/08/2024

Disclosure

02/23/2024

Moderation

accepted

CPE

ready

EPSS

0.00212

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!